US flag signifying that this is a United States Federal Government website  Official website of the Department of Homeland Security

ABC's Of How To Hack & Defend A Website

ABC's Of How To Hack & Defend A Website

  • Online, Self-Paced

Course Description

When you are trying to build a secure website or web application, it helps to see the problem through the eyes of a hacker! ABC's Of How To Hack & Defend A Website is a 3 hour video course designed to review key web technologies, exploitation techniques and how to find vulnerabilities. The course contains several hands-on exercises and ends with a Capture The Flag (CTF) competition. This course has been pre-approved by CompTIA to receive 3 CEU's for Security+ certificate holders.

Learning Objectives

The course covers:

  • Basic web application technologies, including Web Servers, Client-Side vs. Server-Side Programming Languages, Databases and their related workflow.
  • We then use several useful hacking tools, such as Burp Suite and the Damn Vulnerable Web Application (DVWA) to understand HTTP and POST and GET requests.
  • We take a closer look at the Burp Suite Site Map and Spider, and cover how to bypass Client-Side Controls, Cross-Site Scripting (XSS), and how to use Stored XSS to deface a website; in the final section we discuss how to actually find these vulnerabilities by offering a simple step-by-step process.

Framework Connections

  • Icon that says Securely Provision with a padlock depicted.
  • Icon that says Protect and Defend with shield depicted.

The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.